Class Times: TTh 4:00-5:15pm

Classroom: Tate Hall B45

3 credits, Grading Basis – A-F only

Overview

This course covers both basics and the state of the art in computer systems attacks and defenses. Lectures are mainly based on recent research papers, which cover attacks compromising security and techniques mitigating attacks. While offering research advances in systems security, this course will also provide students with hands-on experience on advanced tools and techniques for fighting against advanced attacks and building secure computer systems.

The course is designed to be student-driven and interactive. The classes would be based on student presentations of selected research papers with an emphasis on class discussion. Students will also be given assignments (e.g., labs and writing paper critiques). In addition, there would be a semester-long course project to be done in groups of 1-2 students, with multiple milestones along with a final report and presentation.

Topics

Stack overflow and its exploitation, basic security mitigations such as DEP and StackGuard, code-reuse attacks, software fault isolation, memory layout randomization, control-flow integrity, memory safety, vulnerability detection with fuzzing and program analysis, mobile security and privacy, web/browser security, intrusion detection, malware analysis, trusted computing such as SGX, safe languages such as Rust, IoT security, and the Linux kernel bugs and exploits.

Textbook

No textbook; the course material would be based on recent research publications in top systems security conferences, workshops, and journals, as well as technical articles and blogs.

Prerequisite

C or C++ programming, operating systems

Office hours

  • Office hours: TTh 5:30-6:30pm at Keller Hall 5-217

Who should take this class?

This class is primarily intended for PhD students (motivated seniors and MS students are also welcome!) who want to learn about the latest research advances in computer systems security.

Grading policy

  • Paper presentation, writing critiques, and discussion (30%)
  • Lab assignment (10%)
  • Course project (60%)
    • Proposal presentation
    • Demo & presentation
    • Write-up & code
  • We follow the cheating policy (read UMN's STUDENT CONDUCT CODE).